akanealw/linux-scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
ca8929fcde63528fa9f4dc28fa7c930a7aa26503
linux-scripts/ubuntu/ubuntu-essentials.sh

368 lines
16 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
if [ "$EUID" -ne 0 ]
then
echo "Please run as root"
exit
fi
# disable restart prompt for services during an update
if [[ ! -f /etc/needrestart/conf.d/no-prompt.conf ]] ; then
echo "\$nrconf{restart} = 'a';" >> /etc/needrestart/conf.d/no-prompt.conf
fi
# remove os prober
apt-get remove os-prober -y
# update and upgrade
apt-get update
apt-get upgrade -y
if [[ -f /dev/.lxc-boot-id ]]
then
apt-get remove -y qemu-guest-agent
else
apt-get install -y qemu-guest-agent
fi
# download and install packages
apt-get install -y bind9-dnsutils restic hstr htop ncdu pwgen sudo nano curl wget zip unzip git rsync man-db cifs-utils nfs-common parted libtalloc2 libwbclient0 net-tools gnupg apt-transport-https tmux gdisk bash-completion
# add akanealw user if not existing
isInFile=$(cat /etc/passwd | grep -c "akanealw")
if [ $isInFile -eq 0 ]
then
echo "Set password for akanealw"
useradd -m -p '$y$j9T$NB7zOwLzhMgtxiCGjzwvf.$YGAIpv6m/DIlgNT5IU5H.K.QSNMCG5/TKY9sYlfGsGB' -s /bin/bash -d /home/akanealw akanealw
mkdir /home/akanealw/.ssh
chown akanealw:akanealw /home/akanealw/.ssh
chmod 700 /home/akanealw/.ssh
cp /root/.ssh/authorized_keys /home/akanealw/.ssh > /dev/null 2>&1
chown akanealw:akanealw /home/akanealw/.ssh/authorized_keys > /dev/null 2>&1
chmod 600 /home/akanealw/.ssh/authorized_keys > /dev/null 2>&1
fi
# create akanealw file in /etc/sudoers.d
if [[ ! -f /etc/sudoers.d/akanealw ]]
then
echo "akanealw ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/akanealw
fi
usermod -a -G sudo akanealw
# enable ping for all users
setcap 'cap_net_admin,cap_net_raw+ep' $(which ping)
# remove all motd
apt-get remove --purge update-motd > /dev/null 2>&1
rm /etc/default/motd-news > /dev/null 2>&1
rm -r /etc/update-motd.d > /dev/null 2>&1
rm /etc/motd > /dev/null 2>&1
# git config
git config --global credential.helper store
git config --global user.name "akanealw"
git config --global user.email "akanealw@gmail.com"
git config --global init.defaultBranch main
# show ip in /etc/issue
if [[ ! -f /etc/issue.default ]]
then wget -qO /etc/issue.default http://192.168.1.50/files/ubuntu/issue.default
fi
rm /etc/issue > /dev/null 2>&1
cp /etc/issue.default /etc/issue
name=$(basename /sys/class/net/e*)
echo "" >> /etc/issue
echo "$name: \4{$name}" >> /etc/issue
echo "" >> /etc/issue
# set input preferences
if [[ ! -f /etc/inputrc.default ]]
then wget -qO /etc/inputrc.default http://192.168.1.50/files/ubuntu/inputrc.default
fi
rm /etc/inputrc > /dev/null 2>&1
cp /etc/inputrc.default /etc/inputrc
echo "" >> /etc/inputrc
echo "set completion-ignore-case On" >> /etc/inputrc
# set bash preferences and aliases
if [[ ! -f /etc/bash.bashrc.default ]]
then wget -qO /etc/bash.bashrc.default http://192.168.1.50/files/ubuntu/bash.bashrc.default
fi
rm /etc/bash.bashrc > /dev/null 2>&1
cp /etc/bash.bashrc.default /etc/bash.bashrc
echo "" >> /etc/bash.bashrc
echo "# custom settings and aliases" >> /etc/bash.bashrc
echo "set -o noclobber" >> /etc/bash.bashrc
echo "alias lsa='ls -alhvF'" >> /etc/bash.bashrc
echo "alias cd..='cd ..'" >> /etc/bash.bashrc
echo "alias grep='grep --color'" >> /etc/bash.bashrc
echo "alias si='sudo -i'" >> /etc/bash.bashrc
echo "alias mkdir='mkdir -pv'" >> /etc/bash.bashrc
echo "alias du='sudo du -h'" >> /etc/bash.bashrc
echo "alias df='sudo df -h'" >> /etc/bash.bashrc
echo "alias ports='sudo netstat -tulpna'" >> /etc/bash.bashrc
echo "alias start='sudo systemctl start'" >> /etc/bash.bashrc
echo "alias stop='sudo systemctl stop'" >> /etc/bash.bashrc
echo "alias restart='sudo systemctl restart'" >> /etc/bash.bashrc
echo "alias status='sudo systemctl status'" >> /etc/bash.bashrc
echo "alias sdr='sudo systemctl daemon-reload'" >> /etc/bash.bashrc
echo "alias senable='sudo systemctl enable'" >> /etc/bash.bashrc
echo "alias sdisable='sudo systemctl disable'" >> /etc/bash.bashrc
echo "alias snano='sudo nano'" >> /etc/bash.bashrc
echo "alias sreboot='sudo reboot'" >> /etc/bash.bashrc
echo "alias spoweroff='sudo poweroff'" >> /etc/bash.bashrc
echo "alias tf='sudo tail -f'" >> /etc/bash.bashrc
echo "alias aptupy='sudo apt update && sudo apt upgrade -y'" >> /etc/bash.bashrc
echo "alias aptiy='sudo apt install -y'" >> /etc/bash.bashrc
echo "alias aptry='sudo apt remove -y'" >> /etc/bash.bashrc
echo "alias aptrpy='sudo apt remove --purge -y'" >> /etc/bash.bashrc
echo "alias aptary='sudo apt autoremove -y'" >> /etc/bash.bashrc
echo "alias apts='sudo apt search'" >> /etc/bash.bashrc
echo "alias aptl='sudo apt list --installed'" >> /etc/bash.bashrc
echo "alias aptsh='sudo apt show'" >> /etc/bash.bashrc
echo "alias aptac='sudo apt autoclean'" >> /etc/bash.bashrc
echo "alias dpkgi='sudo dpkg -i'" >> /etc/bash.bashrc
echo "alias tmuxls='tmux ls'" >> /etc/bash.bashrc
echo "alias tmuxa='tmux attach -t'" >> /etc/bash.bashrc
echo "alias hh='hstr'" >> /etc/bash.bashrc
echo "export HSTR_CONFIG=hide-help,hicolor,prompt-bottom,ignorespace,raw-history-view" >> /etc/bash.bashrc
# docker aliases
if [[ -f /etc/apt/keyrings/docker.gpg ]]
then
echo "alias dc='docker compose'" >> /etc/bash.bashrc
echo "alias dcup='docker compose up -d'" >> /etc/bash.bashrc
echo "alias dcdown='docker compose down'" >> /etc/bash.bashrc
echo "alias dcpull='docker compose pull'" >> /etc/bash.bashrc
echo "alias dps='docker ps'" >> /etc/bash.bashrc
echo "alias dstart='docker start'" >> /etc/bash.bashrc
echo "alias dstop='docker stop'" >> /etc/bash.bashrc
echo "alias drestart='docker restart'" >> /etc/bash.bashrc
echo "alias dlf='docker logs -f'" >> /etc/bash.bashrc
echo "alias dipaf='docker image prune -a -f'" >> /etc/bash.bashrc
echo "alias deit='docker exec -it'" >> /etc/bash.bashrc
echo "alias lzd='lazydocker'" >> /etc/bash.bashrc
fi
# create copy of file before editing
if [[ ! -f /usr/local/bin/cpb ]]; then
cat <<'EOF' >> /usr/local/bin/cpb
#!/bin/bash
if [ $# -eq 1 ]
then
cp -pvi "$1" "${1}.bak"
else
echo "Info: $0 copies to a backup file"
echo "Usage: $0 <file to be backed up with .bak extension>"
fi
EOF
chmod +x /usr/local/bin/cpb
fi
# create tmux config
rm /etc/tmux.conf* > /dev/null 2>&1
echo "unbind C-b" >> /etc/tmux.conf
echo "set-option -g prefix C-a" >> /etc/tmux.conf
echo "bind-key C-a send-prefix" >> /etc/tmux.conf
# configure email for sending notifications
isInFile=$(cat /etc/postfix/main.cf | grep -c "gmail")
if [ $isInFile -eq 0 ]
then
DEBIAN_FRONTEND=noninteractive apt-get install -y libsasl2-modules mailutils postfix postfix-pcre
echo "smtp.gmail.com notify.akanealw@gmail.com:leawkqqpthbwacrf" > /etc/postfix/sasl_passwd
echo "/^From:.*/ REPLACE From: $(hostname) <notify.akanealw@gmail.com>" > /etc/postfix/smtp_header_checks
chmod 600 /etc/postfix/sasl_passwd
postmap hash:/etc/postfix/sasl_passwd
postmap hash:/etc/postfix/smtp_header_checks
sed -i 's@relayhost =@#relayhost = @g' /etc/postfix/main.cf
sed -i 's@smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache@#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache@g' /etc/postfix/main.cf
echo "" >> /etc/postfix/main.cf
echo "# google mail configuration" >> /etc/postfix/main.cf
echo "relayhost = smtp.gmail.com:587" >> /etc/postfix/main.cf
echo "smtp_use_tls = yes" >> /etc/postfix/main.cf
echo "smtp_sasl_auth_enable = yes" >> /etc/postfix/main.cf
echo "smtp_sasl_security_options =" >> /etc/postfix/main.cf
echo "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" >> /etc/postfix/main.cf
echo "smtp_tls_CAfile = /etc/ssl/certs/Entrust_Root_Certification_Authority.pem" >> /etc/postfix/main.cf
echo "smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache" >> /etc/postfix/main.cf
echo "smtp_tls_session_cache_timeout = 3600s" >> /etc/postfix/main.cf
echo "smtp_header_checks = pcre:/etc/postfix/smtp_header_checks" >> /etc/postfix/main.cf
echo "" >> /etc/postfix/main.cf
postfix reload
echo "This is a test message sent from postfix on $(hostname)" | mail -s "Test Email from $(hostname)" akanealw@gmail.com
else
echo "Email already configured."
fi
# configure unattended upgrades
isInFile=$(cat /etc/apt/apt.conf.d/20auto-upgrades | grep -c 'APT::Periodic::Unattended-Upgrade "1";')
if [ $isInFile -eq 0 ]
then
apt install -y apt-listchanges unattended-upgrades
sed -i 's@// "origin=ubuntu,codename=${distro_codename}-updates";@ "origin=ubuntu,codename=${distro_codename}-updates";@g' /etc/apt/apt.conf.d/50unattended-upgrades
sed -i 's!//Unattended-Upgrade::Mail "";!Unattended-Upgrade::Mail "akanealw@gmail.com";!g' /etc/apt/apt.conf.d/50unattended-upgrades
sed -i 's@//Unattended-Upgrade::MailReport "on-change";@Unattended-Upgrade::MailReport "on-change";@g' /etc/apt/apt.conf.d/50unattended-upgrades
sed -i 's@//Unattended-Upgrade::Remove-Unused-Dependencies "false";@Unattended-Upgrade::Remove-Unused-Dependencies "true";@g' /etc/apt/apt.conf.d/50unattended-upgrades
echo "APT::Periodic::Update-Package-Lists \"1\";" > /etc/apt/apt.conf.d/20auto-upgrades
echo "APT::Periodic::Unattended-Upgrade \"1\";" >> /etc/apt/apt.conf.d/20auto-upgrades
systemctl enable unattended-upgrades
systemctl start unattended-upgrades
systemctl status unattended-upgrades
echo "Unattended upgrades configured successfully."
else
echo "Unattended upgrades already configured."
fi
# sshd config
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak > /dev/null 2>&1
isInFile=$(cat /etc/hostname | grep -c "proxmox")
if [ $isInFile -eq 0 ]
then
isInFile=$(cat /etc/ssh/sshd_config | grep -c "#PermitRootLogin prohibit-password")
if [ $isInFile -eq 0 ]
then
sed -i 's/PermitRootLogin no/#PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
sed -i 's/PermitRootLogin yes/#PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
sed -i 's/PermitRootLogin prohibit-password/#PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
fi
fi
isInFile=$(cat /etc/hostname | grep -c "proxmox")
if [ $isInFile -eq 0 ]
then
# isInFile=$(cat /etc/ssh/sshd_config | grep -c "#PasswordAuthentication no")
# if [ $isInFile -eq 0 ]
# then
sed -i 's/#PasswordAuthentication no/PasswordAuthentication no/g' /etc/ssh/sshd_config
sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
# fi
fi
# authorized_keys akanealw
cp /home/akanealw/.ssh/authorized_keys /home/akanealw/.ssh/authorized_keys.bak > /dev/null 2>&1
isInFile=$(cat /home/akanealw/.ssh/authorized_keys | grep -c "winpc-akanealw")
if [ $isInFile -eq 0 ]
then
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKYj+eRQsvdLvrJNoqugb9A7iQT+BEPb6LI9BseyhWR winpc-akanealw" >> /home/akanealw/.ssh/authorized_keys
chown akanealw:akanealw /home/akanealw/.ssh/*
chmod 600 /home/akanealw/.ssh/*
fi
isInFile=$(cat /home/akanealw/.ssh/authorized_keys | grep -c "server-akanealw")
if [ $isInFile -eq 0 ]
then
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAiw0sQxxTg/zBm/Hz4LLjtiuGfefF2vogGkYcWox4S server-akanealw" >> /home/akanealw/.ssh/authorized_keys
chown akanealw:akanealw /home/akanealw/.ssh/*
chmod 600 /home/akanealw/.ssh/*
fi
# authorized_keys root
cp /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bak
isInFile=$(cat /root/.ssh/authorized_keys | grep -c "winpc-root")
if [ $isInFile -eq 0 ]
then
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBI/kuy/SVCxShVBNtWtNREX9cpWrlsthV3z15ky+bPy winpc-root" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
fi
isInFile=$(cat /root/.ssh/authorized_keys | grep -c "server-root")
if [ $isInFile -eq 0 ]
then
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHWiw5lVzQIZiZc1SPphvHhdSpFl9UN6Xm4znFqq5xs4 server-root" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
fi
# config /home/akanealw/.ssh/
isInFile=$(cat /home/akanealw/.ssh/config | grep -c "*-root")
if [ $isInFile -eq 0 ]
then
cp /home/akanealw/.ssh/config /home/akanealw/.ssh/config.bak > /dev/null 2>&1
mv /home/akanealw/.ssh/known_hosts /home/akanealw/.ssh/known_hosts.old > /dev/null 2>&1
echo "" >> /home/akanealw/.ssh/config
echo "" >> /home/akanealw/.ssh/config
echo "Host *-root" >> /home/akanealw/.ssh/config
echo "User root" >> /home/akanealw/.ssh/config
echo "IdentityFile /root/.ssh/server-root" >> /home/akanealw/.ssh/config
echo "" >> /home/akanealw/.ssh/config
echo "Host *" >> /home/akanealw/.ssh/config
echo "Port 22" >> /home/akanealw/.ssh/config
echo "User akanealw" >> /home/akanealw/.ssh/config
echo "IdentityFile /home/akanealw/.ssh/server-akanealw" >> /home/akanealw/.ssh/config
chown akanealw:akanealw /home/akanealw/.ssh/*
chmod 600 /home/akanealw/.ssh/*
fi
# config /root/.ssh/
isInFile=$(cat /root/.ssh/config | grep -c "*-root")
if [ $isInFile -eq 0 ]
then
cp /root/.ssh/config /root/.ssh/config.bak > /dev/null 2>&1
mv /root/.ssh/known_hosts /root/.ssh/known_hosts.old > /dev/null 2>&1
echo "" >> /root/.ssh/config
echo "" >> /root/.ssh/config
echo "Host *-root" >> /root/.ssh/config
echo "User root" >> /root/.ssh/config
echo "IdentityFile /root/.ssh/server-root" >> /root/.ssh/config
echo "" >> /root/.ssh/config
echo "Host *" >> /root/.ssh/config
echo "Port 22" >> /root/.ssh/config
echo "User akanealw" >> /root/.ssh/config
echo "IdentityFile /home/akanealw/.ssh/server-akanealw" >> /root/.ssh/config
chmod 600 /root/.ssh/*
fi
# server-akanealw
if [[ ! -f /home/akanealw/.ssh/server-akanealw ]]
then
echo "-----BEGIN OPENSSH PRIVATE KEY-----" > /home/akanealw/.ssh/server-akanealw
echo "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW" >> /home/akanealw/.ssh/server-akanealw
echo "QyNTUxOQAAACBgIsNLEMcU4P8wZvx8+Cy47Yrhn3nxdr6IBpGHFqMeEgAAAJgPgcu8D4HL" >> /home/akanealw/.ssh/server-akanealw
echo "vAAAAAtzc2gtZWQyNTUxOQAAACBgIsNLEMcU4P8wZvx8+Cy47Yrhn3nxdr6IBpGHFqMeEg" >> /home/akanealw/.ssh/server-akanealw
echo "AAAEDalS9Q+0KRMMqOXnie/d0uckbLIePYYY7DOqs8cJ7UF2Aiw0sQxxTg/zBm/Hz4LLjt" >> /home/akanealw/.ssh/server-akanealw
echo "iuGfefF2vogGkYcWox4SAAAAD3NlcnZlci1ha2FuZWFsdwECAwQFBg==" >> /home/akanealw/.ssh/server-akanealw
echo "-----END OPENSSH PRIVATE KEY-----" >> /home/akanealw/.ssh/server-akanealw
chown akanealw:akanealw /home/akanealw/.ssh/*
chmod 600 /home/akanealw/.ssh/*
fi
# server-root
if [[ ! -f /root/.ssh/server-root ]]
then
echo "-----BEGIN OPENSSH PRIVATE KEY-----" > /root/.ssh/server-root
echo "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW" >> /root/.ssh/server-root
echo "QyNTUxOQAAACB1osOZVc0CGYmXNUj6Ybx4XUqRZfVDel5uM5xaqucbOAAAAJAnxfYyJ8X2" >> /root/.ssh/server-root
echo "MgAAAAtzc2gtZWQyNTUxOQAAACB1osOZVc0CGYmXNUj6Ybx4XUqRZfVDel5uM5xaqucbOA" >> /root/.ssh/server-root
echo "AAAEBUjm9GcUvXzKnpiw0aYd+Ca7+LAWuq0u6l0FjPQyQjd3Wiw5lVzQIZiZc1SPphvHhd" >> /root/.ssh/server-root
echo "SpFl9UN6Xm4znFqq5xs4AAAAC3NlcnZlci1yb290AQI=" >> /root/.ssh/server-root
echo "-----END OPENSSH PRIVATE KEY-----" >> /root/.ssh/server-root
chmod 600 /root/.ssh/*
fi
# restart sshd
systemctl restart ssh
systemctl restart sshd
# lock root
isInFile=$(cat /etc/hostname | grep -c "BackupServer")
if [ $isInFile -eq 0 ]
then
if [[ -d /home/akanealw ]]
then
isInFile=$(cat /etc/shadow | grep -c 'root:!')
if [ $isInFile -eq 0 ]
then
passwd -l root
skill -KILL -u root
exit
else
echo "root account already locked."
exit
fi
else
echo "akanealw account not found, not locking root."
fi
fi
Reference in New Issue View Git Blame Copy Permalink